Silence on the Wire is a fantastic book that looks at unconventional and underdiscussed aspects of security: interesting timing attacks, subtle information leakage, fingerprinting, etc. It's by Michal Zalewski, who is perhaps better known to HN folks as the author of the American Fuzzy Lop (AFL) fuzzer.
I think that book probably did more to get me into security than any other – it's just filled with really wonderful, clever stuff.
Michal Zalewski is an all-round polyglot that also wrote "The Tangled Web", I wish I could recommend it but I don't understand 1/2 of it.
Interestingly I only became aware of him after stumbling on his "Guerrilla guide to CNC machining, mold making, and resin casting"
http://lcamtuf.coredump.cx/gcnc/, an astoundingly complete piece of work.
I'm a few chapters into Silence on the Wire and enjoying it. Zalewski is brilliant. It's very theoretical however. I'd only recommend it if your motive for reading it is pure interest rather than a desire to pick up practical skills that are immediately actionable.
The Linux Command Line has basically taught me everything I know about using bash.
I've never read The Smart Girl's Guide to Privacy, but I've heard so many good things about it. It's on my to-read list.
The Bug Hunter's Diary is really interesting, although someone reading it now might feel like it's a bit outdated (it got released in 2011 if I remember correctly). I didn't particularly enjoy reading The Art of Exploitation. It was a bit dull for me.
Interesting - I have the first edition of Hacking - The Art of Exploitation and found it an interesting read. Can't compare to other books listed here though as I haven't read any of them.
Currently reading Python Crash Course. It's pretty great. The first part is all the Python basics, and the next part is three diverse projects: a videogame, data visualisation, and a Django website. You can go back and forth working on the projects and flipping to the Python basics. We just bought it, and the learners in my family seem to be enjoying it a lot.
I wonder if they track you? Some other companies who sell digital downloadable products insert your name, address etc. into the files somewhere.
Selling downloadable digital products strikes me as a bad business model. Bad for either the companies or the consumers. DRM is bad since it won't last forever. When the company goes out of business, "your" products will no longer work. Personally, I don't like tracking either. What if my computer gets hacked or stolen, or I simply forget to securely wipe a disk before throwing it away - will the company who sold me stuff blame me for pirating, if the files end up on some pirate site? On the other hand, if a company does neither DRM nor tracking, then they're very vulnerable to piracy.
Seems to me that rentals/streaming is a better business model. Would it be better if publishers like No Starch Press sold time-limited access (like say 5 or 10 years) to a website where you could read the books? Of course, dedicated pirates would be able to pirate that, but it would be inconvenient for ordinary people.
It's possible Humble Bundle may have put watermarks to trace the files in case they end up on piracy sites.
In my opinion, I find HB's business model reasonable. It trusts users to be willing to pay a bit of money to get the books. It is also upfront about where the money from the sale goes (to itself and various organisations) and even allows you to adjust the amount each one gets.
By trusting users in this way, it hopes that users do not abuse the trust by giving away the books to piracy sites. Instead, I believe it hopes to encourage more people to come to the site and pay for the books (and support organisations), rather than free-load the books via piracy.
This is, of course, just my opinion. But I have bought a few Humble Bundles and intend to continue supporting it.
I have a big soft spot for HB. I saw this bundle and immediately thought of two people I know who are very likely to want it, so I sent them an email and attached one of the books from my bundle according to what I thought they'd like best.
I told them the publisher was reputable and if they had $15 to drop on the whole thing, as I had, then they should go for it--but if they just didn't have the money, I offered to send them anything else they wanted from my own download provided they tell anyone else they thought might be interested about the deal.
This straight-up doesn't hurt anyone. If my friends don't have the cash anyway, there's no opportunity cost--but now they know about Humble Bundle and they're probably going to tell other people because it's such a good deal. (And they get at least one new book.) A common and effective marketing tactic is to put the product (or a sample) in people's hands and then ask if they want to buy it, and everyone likes freebies.
I think being DRM-free helps to spread the word more than it hurts, and it also acts as a giant "We're Not Evil" flag. I'd hazard that No Starch does this kind of thing more in order to increase its brand awareness (and its affiliation with good-karma organizations like HB) than it does to actually make money.
I found out about the deal from No Starch's web site, because I have a print copy of Clojure for the Brave and True and had gone looking for the associated files. I'd barely heard of the publisher before, but now I respect them almost as much as O'Reilly. CftBaT is actually available free in HTML form, by the way, and earned itself a big link on my blog.
Basically, this kind of thing is actually really common when you think about it! It kind of reminds me of open source, but without the ability to modify. Then again, you can always write your own book.
Anyway, if someone goes looking for something for free by questionable means and they can't find a pirated version of it, how often do you think they actually go out and buy it instead? I would say almost never, unless whatever it is is in high demand or well known--that tends to not be the case among Humble Bundle items, which are from indie developers and publishers.
That's not true at all, if you're including their core PC game business. The vast majority of games they sell come with DRM. Only the Indie bundles are marketed DRM free, and there's only a few of those a year versus many dozens (probably approaching 100?) other bundles a year.
Yes. What I meant was - 'Humble Bundle' was created as a digital store to distribute multi-platform DRM-free indie games where a certain percentage of the sale goes to charity.
But due to their massive success they changed their policies. The explosive success of HB was something very special - and as an indie game developer it's hard to talk about it without its genesis.
A bit offtopic, but does anyone know why Humble Bundle have the "Bitcoin" button look disabled? I don't understand why they would want to discourage Bitcoin payment, since it's not subject to chargebacks.
When you go to purchase with Bitcoin, it says "Unfortunately Bitcoin orders are not refundable", so that might be why they're discouraging it for the average buyer.
Make sure you disable an ad blocker. I temporarily allowed the site, but the checkout system didn't work. After I globally allowed all sites, the modal popped up.
Any reviews of the other ones from HN crowd?